Kaspersky Lab has discovered that the “Darkhotel”, a spying crew famous for infiltrating Wi-Fi networks in luxury hotels to compromise corporate executives has been using a zero-day vulnerability from Hacking Team’s collection.
Following the public leak of files belonging to Hacking Team – the company known for selling “legal spyware” to some governments and law enforcement agencies – a number of cyberespionage groups have started using, for their own malicious purposes, the tools Hacking Team provided to its customers to carry out attacks. This includes several exploits targeting Adobe Flash Player and Windows OS. At least one of these has been re-purposed by the powerful cyberespionage actor, “Darkhotel”.
Kaspersky Lab has discovered that the “Darkhotel”, an elite spying crew uncovered by its experts in 2014 and famous for infiltrating Wi-Fi networks in luxury hotels to compromise selected corporate executives, has been using a zero-day vulnerability from Hacking Team’s collection since the beginning of July, straight after the notorious leak of Hacking Team files on July, 5th. Not known to have been a client of Hacking Team, the Darkhotel group appears to have grabbed the files once they became publicly available.
This is not the group’s only zero-day; Kaspersky Lab estimates that over the past few years it may have gone through half a dozen or more zero-days targeting Adobe Flash Player, apparently investing significant money in supplementing its arsenal. In 2015, the Darkhotel group extended its geographical reach around the world while continuing to spearphish targets in North and South Korea, Russia, Japan, Bangladesh, Thailand, India, Mozambique and Germany.
Collateral assistance from Hacking Team:
Kaspersky Lab’s security researchers have registered new techniques and activities from Darkhotel, a known advanced persistent threat (APT) actor that has been active for almost eight years. In attacks dated 2014 and earlier, the group misused stolen code-signing certificates and employed unusual methods like compromising hotel Wi-Fi to place spying tools on targets’ systems. In 2015, many of these techniques and activities have been maintained, but Kaspersky Lab has also uncovered new variants of malicious executable files, the ongoing use of stolen certificates, relentless spoofing social-engineering techniques and the deployment of Hacking Team’s zero-day vulnerability:
· Ongoing use of stolen certificates. The Darkhotel group appears to maintain a stockpile of stolen certificates and deploys their downloaders and the backdoors signed with them to cheat the targeted system. Some of the more recent revoked certificates include Xuchang Hongguang Technology – the company whose certificates were used in previous attacks performed by the threat actor.
· Relentless spearphishing. The Darkhotel APT is indeed persistent: it tries to spearphish a target, and if it doesn’t succeed returns several months later for another try with much the same social-engineering schemes.
· Deployment of Hacking Team’s zero-day exploit. The compromised website, tisone360.com, contains a set of backdoors and exploits. The most interesting of these is the Hacking Team Flash zero-day vulnerability.
“Darkhotel has returned with yet another Adobe Flash Player exploit hosted on a compromised website, and this time it appears to have been driven by the Hacking Team leak. The group has previously delivered a different Flash exploit on the same website, which we reported as a zero-day to Adobe in January 2014. Darkhotel seems to have burned through a pile of Flash zero-day and half-day exploits over the past few years, and it may have stockpiled more to perform precise attacks on high-level individuals globally. From previous attacks we know that Darkhotel spies on CEOs, senior vice presidents, sales and marketing directors and top R&D staff,” – said Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab.
Since last year, the group has worked hard to enhance its defensive techniques, for example by expanding its anti-detection technology list. The 2015 version of the Darkhotel downloader is designed to identify anti-virus technologies from 27 vendors, with the intention of bypassing them.
CES: So long, and thanks for all the beer!
Last week, the Las Vegas expo showed off its fun side with state-of-the-art technologies for enjoying beer, writes BRYAN TURNER
From craft beer-making machines to robots that pour beer, CES had more beer than usual in Las Vegas last week. And even free beer if you found the right stand. Stampede’s saloon-style booth offered beer to visitors who tried out its latest drones, virtual reality, and other gaming products. No beer tech, though.
Here are some of the beer technologies that stood out:
LG HomeBrew – Craft beer made at home
LG’s HomeBrew craft beer-making machine, debuted at CES 2019, brings the brewing process home thanks to single-use capsules, a self-cleaning feature, and an algorithm optimised for fermentation.
Like a Nespresso coffee machine, the beer maker uses capsules, which contain malt, yeast, hop oil and flavouring. At the press of a button, LG HomeBrew automates the whole procedure from fermentation and carbonation to ageing. A companion app lets users check HomeBrew’s status at any time during the process, from their handsets.
The beer machine not only offers a simple way to make craft
Designed with discerning beer lovers in mind, HomeBrew allows for in-home production of batches of more than 4 litres of beer in a variety of styles. The following five distinctive, flavoured beers are available now:
- Hoppy American IPA
- Golden American Pale Ale
- Full-bodied English Stout
- Zesty Belgian-style Witbier
- Dry Czech Pilsner
The only catch? It takes about two weeks to make, depending on the beer type.
“LG HomeBrew is the culmination of years of home appliance and water purification technologies that we’ve developed over the decades,” said Dan Song, president of LG Electronics Home Appliance & Air Solutions Company. “Homebrewing has grown at an explosive pace, but there are still many beer lovers who haven’t taken the jump because of the barriers to entry, like complexity, and these are the consumers we think will be attracted to LG HomeBrew.”
Click here to read about the party speaker that holds beer and robots that pour beer.
CES: Alienware gets Legend-ary
At CES in Las Vegas last week, Dell’s Alienware released a family of high-end, thin, light, and affordable machines for both amateur and professional gamers – and a new identity.
Alienware marked CES 2019 as a brand milestone with the debut of a new design identity, Alienware Legend. It aims to set a new bar of excellence for what gamers want most – performance and function. Alienware says it evaluated multiple concepts and chose one that was the biggest and boldest departure from its current look.
Alienware Legend, says the company, stays true to the brand’s core design tenets, taking cues from its deep roots in sci-fi culture and its early industrial designs, to distinguish the brand from the rest of the industry. The new Legend design is optimised with cutting-edge thermal cooling technology to achieve and sustain overclocking power, improved AlienFX lighting, and ultra-thin screen borders. It also unveiled a new “three-knuckle hinge” design that reduces the overall dimension while creating a stronger assembly, all combining to yield a better gaming experience.
“We’re excited to come to this year’s CES with some truly groundbreaking products, next-gen software and strategic partnerships that will bring more people to experience PC gaming and advance the industry,” said Frank Azor, vice president and general manager of Alienware. “The legend design answers the call for more and better from our gaming community, and the new G Series laptops will make PC gaming even more accessible to those looking for high-performance gaming at a cost they can appreciate.”
Click here to read about Alienware Legend in action with the Area-51m and m-series laptops